- stevesk@cvs.openbsd.org 2001/02/21 21:14:04
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
15853e93 13RCSID("$OpenBSD: servconf.c,v 1.67 2001/02/12 16:16:23 markus Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
48e671d5 34/* add listen address */
35void add_listen_addr(ServerOptions *options, char *addr);
36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
/*
 * Resets *options to the "nothing configured yet" state.
 *
 * The structure is zeroed first.  Every option that later receives a
 * default is then set to an "unset" sentinel (-1, PERMIT_NOT_SET or
 * SSH_PROTO_UNKNOWN), counters are set to 0 and pointers to NULL.  The
 * config parser and fill_default_server_options() test for these sentinels
 * to tell an explicit setting from a missing one, so a field left at 0 by
 * mistake would read as an explicit "no".
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Listening endpoints and daemon bookkeeping. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->keepalives = -1;
	options->gateway_ports = -1;
	options->reverse_mapping_check = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;

	/* Host keys, protocol selection and algorithm lists. */
	options->num_host_key_files = 0;
	options->server_key_bits = -1;
	options->key_regeneration_time = -1;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->ciphers = NULL;
	options->macs = NULL;

	/* Logging. */
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Authentication policy. */
	options->login_grace_time = -1;
	options->permit_root_login = PERMIT_NOT_SET;
	options->permit_empty_passwd = -1;
	options->strict_modes = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;

	/* Allow/deny lists start out empty. */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;

	/* Session behaviour. */
	options->print_motd = -1;
	options->check_mail = -1;
	options->use_login = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->xauth_location = NULL;
	options->allow_tcp_forwarding = -1;
	options->num_subsystems = 0;
	options->banner = NULL;
}
100
/*
 * Replaces every option that still holds its "unset" sentinel with the
 * built-in default.  Options that already carry a value are left alone.
 *
 * NOTE(review): the values assigned here are what the daemon runs with when
 * the configuration is silent, so they are the effective security baseline
 * of this revision: both protocol versions enabled, a 768-bit server key,
 * root login permitted, password authentication on.  A deployment that
 * wants something stricter has to say so explicitly in the config file.
 */
void
fill_default_server_options(ServerOptions *options)
{
	/* Protocol first: the default host key list depends on it. */
	if (options->protocol == SSH_PROTO_UNKNOWN) {
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	}
	if (options->num_host_key_files == 0) {
		/* one default host key per enabled protocol version */
		if (options->protocol & SSH_PROTO_1) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		}
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
		}
	}

	/* Ports before listen addresses: each address is bound per port. */
	if (options->num_ports == 0) {
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	}
	if (options->listen_addrs == NULL) {
		/* NULL address: add_listen_addr() asks for a passive address */
		add_listen_addr(options, NULL);
	}
	if (options->pid_file == NULL) {
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
	}

	/* Key size and timers. */
	if (options->server_key_bits == -1) {
		options->server_key_bits = 768;
	}
	if (options->login_grace_time == -1) {
		options->login_grace_time = 600;
	}
	if (options->key_regeneration_time == -1) {
		options->key_regeneration_time = 3600;
	}

	/* Login policy. */
	if (options->permit_root_login == PERMIT_NOT_SET) {
		options->permit_root_login = PERMIT_YES;
	}
	if (options->ignore_rhosts == -1) {
		options->ignore_rhosts = 1;
	}
	if (options->ignore_user_known_hosts == -1) {
		options->ignore_user_known_hosts = 0;
	}

	/* Session conveniences. */
	if (options->check_mail == -1) {
		options->check_mail = 0;
	}
	if (options->print_motd == -1) {
		options->print_motd = 1;
	}
	if (options->x11_forwarding == -1) {
		options->x11_forwarding = 0;
	}
	if (options->x11_display_offset == -1) {
		options->x11_display_offset = 10;
	}
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL) {
		options->xauth_location = XAUTH_PATH;
	}
#endif /* XAUTH_PATH */
	if (options->strict_modes == -1) {
		options->strict_modes = 1;
	}
	if (options->keepalives == -1) {
		options->keepalives = 1;
	}

	/* Logging. */
	if (options->log_facility == (SyslogFacility)(-1)) {
		options->log_facility = SYSLOG_FACILITY_AUTH;
	}
	if (options->log_level == (LogLevel)(-1)) {
		options->log_level = SYSLOG_LEVEL_INFO;
	}

	/* Authentication methods: rhosts-based ones off, key-based ones on. */
	if (options->rhosts_authentication == -1) {
		options->rhosts_authentication = 0;
	}
	if (options->rhosts_rsa_authentication == -1) {
		options->rhosts_rsa_authentication = 0;
	}
	if (options->rsa_authentication == -1) {
		options->rsa_authentication = 1;
	}
	if (options->pubkey_authentication == -1) {
		options->pubkey_authentication = 1;
	}
#ifdef KRB4
	if (options->kerberos_authentication == -1) {
		/* enabled only when KEYFILE is readable by this process */
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	}
	if (options->kerberos_or_local_passwd == -1) {
		options->kerberos_or_local_passwd = 1;
	}
	if (options->kerberos_ticket_cleanup == -1) {
		options->kerberos_ticket_cleanup = 1;
	}
#endif /* KRB4 */
#ifdef AFS
	if (options->kerberos_tgt_passing == -1) {
		options->kerberos_tgt_passing = 0;
	}
	if (options->afs_token_passing == -1) {
		/* follows whatever k_hasafs() reports */
		options->afs_token_passing = k_hasafs();
	}
#endif /* AFS */
	if (options->password_authentication == -1) {
		options->password_authentication = 1;
	}
	if (options->kbd_interactive_authentication == -1) {
		options->kbd_interactive_authentication = 0;
	}
	if (options->challenge_reponse_authentication == -1) {
		options->challenge_reponse_authentication = 1;
	}
	if (options->permit_empty_passwd == -1) {
		options->permit_empty_passwd = 0;
	}
	if (options->use_login == -1) {
		options->use_login = 0;
	}

	/* Forwarding. */
	if (options->allow_tcp_forwarding == -1) {
		options->allow_tcp_forwarding = 1;
	}
	if (options->gateway_ports == -1) {
		options->gateway_ports = 0;
	}

	/*
	 * Connection throttling.  max_startups must be settled before
	 * max_startups_begin, which defaults to it.
	 */
	if (options->max_startups == -1) {
		options->max_startups = 10;
	}
	if (options->max_startups_rate == -1) {
		options->max_startups_rate = 100;		/* 100% */
	}
	if (options->max_startups_begin == -1) {
		options->max_startups_begin = options->max_startups;
	}
	if (options->reverse_mapping_check == -1) {
		options->reverse_mapping_check = 0;
	}
}
196
/*
 * Keyword tokens: one opcode per configuration keyword handled by the
 * parser.  sBadOption is the first enumerator (value 0) and stands for a
 * keyword that is not in the table.  The Kerberos and AFS opcodes exist
 * only when KRB4 / AFS are defined, so the numeric values of the later
 * enumerators depend on the build.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sRandomSeedFile,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck
} ServerOpCodes;
219
/*
 * Textual representation of the tokens.
 *
 * Maps each configuration keyword, spelled in lower case, to its opcode.
 * The table ends with a NULL name.  Several keywords are aliases that share
 * an opcode with another entry; they are marked below.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* listening and daemon behaviour */
	{ "port", sPort },
	{ "listenaddress", sListenAddress },
	{ "protocol", sProtocol },
	{ "pidfile", sPidFile },
	{ "keepalive", sKeepAlives },
	{ "maxstartups", sMaxStartups },
	{ "gatewayports", sGatewayPorts },
	{ "reversemappingcheck", sReverseMappingCheck },

	/* host keys and algorithm selection */
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },			/* alias */
	{ "serverkeybits", sServerKeyBits },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "ciphers", sCiphers },
	{ "macs", sMacs },

	/* logging */
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },

	/* authentication policy */
	{ "logingracetime", sLoginGraceTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "strictmodes", sStrictModes },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },	/* alias */
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
#ifdef KRB4
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing", sKerberosTgtPassing },
	{ "afstokenpassing", sAFSTokenPassing },
#endif

	/* user and group access lists */
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },

	/* session behaviour */
	{ "printmotd", sPrintMotd },
	{ "checkmail", sCheckMail },
	{ "uselogin", sUseLogin },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "xauthlocation", sXAuthLocation },
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "subsystem", sSubsystem },
	{ "banner", sBanner },

	/* still recognised; the parser reports it as obsolete */
	{ "randomseed", sRandomSeedFile },

	{ NULL, 0 }
};
281
/*
 * Looks up the NUL-terminated keyword cp in the keywords table, ignoring
 * case, and returns its opcode.
 *
 * An unknown keyword is not fatal here: a diagnostic naming filename and
 * linenum is written to stderr and sBadOption is returned, leaving it to
 * the caller to decide what to do with the bad line.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	u_int idx = 0;

	/* the table is terminated by an entry whose name is NULL */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(keywords[idx].name, cp) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	return sBadOption;
}
301
/*
 * Adds a listen address.
 *
 * Resolves addr once for every port currently in options->ports and
 * prepends the results to options->listen_addrs.  If no port has been
 * configured yet, SSH_DEFAULT_PORT is added first.  A NULL addr requests a
 * passive (AI_PASSIVE) address.  Because the port list is read at the time
 * of the call, ports added afterwards do not apply to this address.  A
 * resolver failure is reported through fatal().
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	struct addrinfo hints, *res, *tail;
	char portstr[NI_MAXSERV];
	int rc;
	int n;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	for (n = 0; n < options->num_ports; n++) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		hints.ai_flags = 0;
		if (addr == NULL)
			hints.ai_flags = AI_PASSIVE;

		snprintf(portstr, sizeof portstr, "%d", options->ports[n]);
		rc = getaddrinfo(addr, portstr, &hints, &res);
		if (rc != 0)
			fatal("bad addr or host: %s (%s)\n",
			    addr ? addr : "<NULL>",
			    gai_strerror(rc));

		/* walk to the last new entry and hang the old list behind it */
		tail = res;
		while (tail->ai_next)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = res;
	}
}
331
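/*
 * Reads the server configuration file filename into *options.
 *
 * Every line is split with strdelim(); blank lines and lines whose first
 * token starts with '#' are skipped.  The first token is looked up with
 * parse_token() and the remaining tokens are parsed according to the
 * opcode.  Most scalar options are stored only while the field still holds
 * its "unset" sentinel, so the first value seen wins and a later duplicate
 * is silently ignored; this also keeps anything that was already set in
 * *options before the file was read.
 *
 * Error handling: a file that cannot be opened, a missing or malformed
 * argument, or trailing garbage terminates the process at once (exit(1) or
 * fatal()).  Unknown keywords are counted, the rest of the file is still
 * parsed, and the process exits after the last line if any were seen, so
 * the daemon never starts with a partially understood configuration.
 *
 * Differences from the previous version of this function:
 *  - Port arguments are parsed with strtol() and must be a plain decimal
 *    number in 1..65535; atoi() accepted any text and stored 0 for it.
 *  - "MaxStartups N" is handled in place.  It used to jump to parse_int,
 *    which fetches a further token although the value had already been
 *    consumed.  A partial "begin:rate" match no longer writes into
 *    *options.
 *  - PermitRootLogin tests PERMIT_NOT_SET, the sentinel the initialiser
 *    stores, instead of a literal -1.
 *  - Spelling of two diagnostics ("ListenAddress", "too many").
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *endp;
	int linenum, *intptr, value;
	int bad_options = 0;
	int ms_begin, ms_rate, ms_full, n;
	long port;
	ServerOpCodes opcode;
	int i;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	/*
	 * NOTE(review): fgets() returns a physical line longer than the
	 * buffer in pieces, so the tail of an over-long line is parsed as if
	 * it were a line of its own.
	 */
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		/* reset per line: the shared parse_* code checks these */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* keep going so every bad keyword gets reported */
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/*
			 * Listen addresses are resolved against the ports known
			 * at that moment, so a later Port line could not apply
			 * to them.
			 */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.\n",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.\n",
				    filename, linenum);
			/*
			 * Reject anything that is not a whole decimal number in
			 * the TCP port range; an overflowing value comes back as
			 * LONG_MAX/LONG_MIN and fails the range test as well.
			 */
			port = strtol(arg, &endp, 10);
			if (endp == arg || *endp != '\0' ||
			    port < 1 || port > 65535)
				fatal("%s line %d: bad port number '%.200s'.\n",
				    filename, linenum, arg);
			options->ports[options->num_ports++] = (int)port;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			/* shared tail for integer options; first value wins */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
				    filename, linenum);
				exit(1);
			}
			/* NOTE(review): atoi() yields 0 for non-numeric text */
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.\n",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
			/* intptr is the counter that parse_filename increments */
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS) {
				fprintf(stderr, "%s line %d: too many host keys specified (max %d).\n",
				    filename, linenum, MAX_HOSTKEYS);
				exit(1);
			}
			charptr = &options->host_key_files[*intptr];
parse_filename:
			/* shared tail for file name options; first value wins */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sRandomSeedFile:
			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
			    filename, linenum);
			/* consume the argument so it is not seen as garbage */
			arg = strdelim(&cp);
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			/* values are matched case-sensitively */
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else {
				fprintf(stderr, "%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s\n", filename, linenum, arg);
				exit(1);
			}
			if (*intptr == PERMIT_NOT_SET)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/*
			 * Shared tail for yes/no options.  Only the exact
			 * strings "yes" and "no" are accepted, and the first
			 * value wins.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			/*
			 * NOTE(review): arg may be NULL here; this relies on
			 * log_facility_number() coping with that - confirm.
			 */
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			/* NOTE(review): same NULL-argument caveat as above */
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four access lists take any number of arguments and
		 * accumulate across lines; each has its own fixed capacity.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.\n",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.\n",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.\n",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.\n",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			/* the list is validated even if an earlier one wins */
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg);
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg);
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg);
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			/* a subsystem name may be defined only once */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Parse into locals so that a partial match cannot
			 * leave half a spec behind in *options.
			 */
			n = sscanf(arg, "%d:%d:%d", &ms_begin, &ms_rate, &ms_full);
			if (n == 3) {
				/* "begin:rate:full"; rate is a percentage */
				if (ms_begin > ms_full ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_full;
			} else if (n == 1) {
				/*
				 * Single integer: the token is already
				 * consumed, so store it here with the usual
				 * first-value-wins rule.
				 */
				if (options->max_startups == -1)
					options->max_startups = ms_begin;
			} else
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		default:
			/* an opcode in the table without a case above */
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
			    filename, linenum, arg, opcode);
			exit(1);
		}
		/* anything left on the line after the expected arguments */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
			    "%s line %d: garbage at end of line; \"%.200s\".\n",
			    filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
		    filename, bad_options);
		exit(1);
	}
}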